Your message dated Thu, 29 Jan 2026 18:49:09 +0000
with message-id <[email protected]>
and subject line Bug#1126267: fixed in gimp 2.10.34-1+deb12u7
has caused the Debian Bug report #1126267,
regarding gimp: CVE-2025-15059
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1126267: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126267
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: gimp
Version: 3.2.0~RC2-3
Severity: grave
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/gimp/-/issues/15284
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for gimp.

CVE-2025-15059[0]:
| GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code
| Execution Vulnerability. This vulnerability allows remote attackers
| to execute arbitrary code on affected installations of GIMP. User
| interaction is required to exploit this vulnerability in that the
| target must visit a malicious page or open a malicious file.  The
| specific flaw exists within the parsing of PSP files. The issue
| results from the lack of proper validation of the length of user-
| supplied data prior to copying it to a heap-based buffer. An
| attacker can leverage this vulnerability to execute code in the
| context of the current process. Was ZDI-CAN-28232.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-15059
    https://www.cve.org/CVERecord?id=CVE-2025-15059
[1] https://gitlab.gnome.org/GNOME/gimp/-/issues/15284
[2] https://www.zerodayinitiative.com/advisories/ZDI-25-1196/
[3] https://gitlab.gnome.org/GNOME/gimp/-/commit/03575ac8cbb0ef3103b0a15d6598475088dcc15e

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: gimp
Source-Version: 2.10.34-1+deb12u7
Done: Moritz Mühlenhoff <[email protected]>

We believe that the bug you reported is fixed in the latest version of
gimp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff <[email protected]> (supplier of updated gimp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 24 Jan 2026 18:26:34 +0100
Source: gimp
Architecture: source
Version: 2.10.34-1+deb12u7
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian GNOME Maintainers <[email protected]>
Changed-By: Moritz Mühlenhoff <[email protected]>
Closes: 1126267
Changes:
 gimp (2.10.34-1+deb12u7) bookworm-security; urgency=medium
 .
   * CVE-2025-15059 (Closes: #1126267)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


--- End Message ---